
Example 1 with ProvisioningEntity

use of org.wso2.carbon.identity.provisioning.ProvisioningEntity in project carbon-identity-framework by wso2.

From class OutboundProvisioningManager, method provision():

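/**
 * Outbound provisioning entry point: fans the given entity out to every outbound
 * provisioning connector configured for the service provider.
 *
 * <p>For each connector the method resolves the target identity provider, maps the
 * entity's claims into the connector's dialect, decides the effective operation
 * (POST when no provisioned identifier exists yet; DELETE when a user has dropped out
 * of the provisioning role but still exists at the target) and submits a
 * {@link ProvisioningThread} through {@code executeOutboundProvisioning}, passing the
 * connector's blocking flag along. A GROUP entity whose name is one of the IdP's
 * provisioning roles is expanded into per-member POST/DELETE requests instead.
 *
 * <p>The fixed thread pool created for the connectors is always shut down in a
 * {@code finally} block, including when an exception is thrown part-way through.
 *
 * @param provisioningEntity        Provisioning entity.
 * @param serviceProviderIdentifier Identifier of the service provider.
 * @param inboundClaimDialect       Inbound claim dialect; when {@code null} the service
 *                                  provider's own claim mappings are used for mapping.
 * @param spTenantDomainName        Tenant domain of the service provider.
 * @param jitProvisioning           Is JIT provisioning enabled.
 * @throws IdentityProvisioningException if the service provider or one of its identity
 *                                       providers cannot be resolved, or an underlying
 *                                       management / user-store call fails (wrapped).
 */
public void provision(ProvisioningEntity provisioningEntity, String serviceProviderIdentifier, String inboundClaimDialect, String spTenantDomainName, boolean jitProvisioning) throws IdentityProvisioningException {
    ExecutorService executors = null;
    try {
        if (provisioningEntity.getEntityName() == null) {
            setProvisioningEntityName(provisioningEntity);
        }
        // Any in-bound provisioning request via the SOAP based API (or the management
        // console) - or SCIM API with HTTP Basic Authentication - is considered as coming
        // from the local service provider.
        ServiceProvider serviceProvider = ApplicationManagementService.getInstance().getServiceProvider(serviceProviderIdentifier, spTenantDomainName);
        if (serviceProvider == null) {
            throw new IdentityProvisioningException("Invalid service provider name : " + serviceProviderIdentifier);
        }
        // For SaaS apps the entity may belong to the calling tenant rather than the SP's
        // tenant; the thread-local Carbon context carries that tenant.
        String provisioningEntityTenantDomainName = spTenantDomainName;
        if (serviceProvider.isSaasApp() && isUserTenantBasedOutboundProvisioningEnabled()) {
            provisioningEntityTenantDomainName = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        }
        // SP claim mappings are only consulted when the inbound dialect is unknown.
        ClaimMapping[] spClaimMappings = null;
        if (inboundClaimDialect == null && serviceProvider.getClaimConfig() != null) {
            spClaimMappings = serviceProvider.getClaimConfig().getClaimMappings();
        }
        // Get all the provisioning connectors associated with the local service provider
        // for out-bound provisioning.
        // TODO: stop loading connectors all the time.
        Map<String, RuntimeProvisioningConfig> connectors = getOutboundProvisioningConnectors(serviceProvider, spTenantDomainName);
        if (MapUtils.isEmpty(connectors)) {
            // Nothing configured for outbound provisioning; no pool to create either.
            return;
        }
        executors = Executors.newFixedThreadPool(connectors.size());
        for (Entry<String, RuntimeProvisioningConfig> entry : connectors.entrySet()) {
            String idPName = entry.getKey();
            RuntimeProvisioningConfig runtimeConfig = entry.getValue();
            Entry<String, AbstractOutboundProvisioningConnector> connectorEntry = runtimeConfig.getProvisioningConnectorEntry();
            AbstractOutboundProvisioningConnector connector = connectorEntry.getValue();
            String connectorType = connectorEntry.getKey();
            boolean isBlocking = runtimeConfig.isBlocking();
            IdentityProvider provisioningIdp = IdentityProviderManager.getInstance().getIdPByName(idPName, spTenantDomainName);
            if (provisioningIdp == null) {
                // The connector map references an IdP that can no longer be found by name.
                throw new IdentityProvisioningException("Invalid identity provider name : " + idPName);
            }
            // The connector's own dialect wins; otherwise fall back to the Carbon dialect when
            // the IdP has no claim config or is configured for the local dialect.
            String outboundClaimDialect = connector.getClaimDialectUri();
            if (outboundClaimDialect == null && (provisioningIdp.getClaimConfig() == null || provisioningIdp.getClaimConfig().isLocalClaimDialect())) {
                outboundClaimDialect = IdentityProvisioningConstants.WSO2_CARBON_DIALECT;
            }
            ClaimMapping[] idpClaimMappings = null;
            if (provisioningIdp.getClaimConfig() != null) {
                idpClaimMappings = provisioningIdp.getClaimConfig().getClaimMappings();
            }
            // Map the entity's claims into this connector's dialect.
            Map<ClaimMapping, List<String>> mappedClaims = getMappedClaims(inboundClaimDialect, outboundClaimDialect, provisioningEntity, spClaimMappings, idpClaimMappings, spTenantDomainName);
            if (provisioningIdp.getPermissionAndRoleConfig() != null) {
                // Update with mapped user groups. Note this is applied to the shared
                // provisioningEntity, not to a per-connector copy (original behaviour).
                updateProvisioningUserWithMappedRoles(provisioningEntity, provisioningIdp.getPermissionAndRoleConfig().getRoleMappings());
            }
            // Check whether we already have the provisioned identifier for this
            // connector - if so it is attached to the outbound entity below.
            ProvisionedIdentifier provisionedIdentifier = getProvisionedEntityIdentifier(idPName, connectorType, provisioningEntity, spTenantDomainName);
            boolean alreadyProvisioned = provisionedIdentifier != null && provisionedIdentifier.getIdentifier() != null;
            ProvisioningOperation provisioningOp = provisioningEntity.getOperation();
            if (ProvisioningOperation.DELETE.equals(provisioningOp) && !alreadyProvisioned) {
                // Nothing was provisioned to this connector, so there is nothing to delete
                // there. Move on to the next connector: the previous early return skipped every
                // remaining connector (leaving accounts behind on them) and bypassed the
                // executor shutdown.
                continue;
            }
            if (!alreadyProvisioned) {
                // First time this entity reaches this connector: it must be created.
                provisioningOp = ProvisioningOperation.POST;
            }
            String[] provisionByRoleList = new String[0];
            if (provisioningIdp.getProvisioningRole() != null) {
                provisionByRoleList = provisioningIdp.getProvisioningRole().trim().split("\\s*,[,\\s]*");
            }
            boolean isProvisioningRoleGroup = provisioningEntity.getEntityType() == ProvisioningEntityType.GROUP
                    && Arrays.asList(provisionByRoleList).contains(provisioningEntity.getEntityName());
            if (isProvisioningRoleGroup) {
                // A change to a provisioning role itself: fan out to the members that were
                // added to / removed from it.
                Map<ClaimMapping, List<String>> attributes = provisioningEntity.getAttributes();
                List<String> newUsersList = attributes.get(ClaimMapping.build(IdentityProvisioningConstants.NEW_USER_CLAIM_URI, null, null, false));
                List<String> deletedUsersList = attributes.get(ClaimMapping.build(IdentityProvisioningConstants.DELETED_USER_CLAIM_URI, null, null, false));
                // NOTE(review): unlike the user branch below, this member fan-out never consults
                // XACMLBasedRuleHandler, even when runtimeConfig.isPolicyEnabled() is true.
                // Confirm this is intended before relying on policy to gate group-driven
                // provisioning.
                if (newUsersList != null) {
                    for (String user : newUsersList) {
                        ProvisioningEntity inboundProvisioningEntity = getInboundProvisioningEntity(provisioningEntity, provisioningEntityTenantDomainName, ProvisioningOperation.POST, user);
                        ProvisionedIdentifier provisionedUserIdentifier = getProvisionedEntityIdentifier(idPName, connectorType, inboundProvisioningEntity, spTenantDomainName);
                        if (provisionedUserIdentifier != null && provisionedUserIdentifier.getIdentifier() != null) {
                            // Member already exists on this connector; nothing to create.
                            continue;
                        }
                        Map<ClaimMapping, List<String>> mappedUserClaims = getMappedClaims(inboundClaimDialect, outboundClaimDialect, inboundProvisioningEntity, spClaimMappings, idpClaimMappings, spTenantDomainName);
                        ProvisioningEntity outboundProEntity = new ProvisioningEntity(ProvisioningEntityType.USER, user, ProvisioningOperation.POST, mappedUserClaims);
                        Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, spTenantDomainName, provisioningEntityTenantDomainName, connector, connectorType, idPName, dao);
                        // NOTE(review): the GROUP's provisioned identifier is attached to this USER
                        // POST entity, whereas the delete loop below attaches the user's own
                        // identifier. Kept as in the original; verify whether ProvisioningThread
                        // reads the identifier for POST before changing it.
                        outboundProEntity.setIdentifier(provisionedIdentifier);
                        outboundProEntity.setJitProvisioning(jitProvisioning);
                        executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread, isBlocking);
                    }
                }
                if (deletedUsersList != null) {
                    for (String user : deletedUsersList) {
                        ProvisioningEntity inboundProvisioningEntity = getInboundProvisioningEntity(provisioningEntity, provisioningEntityTenantDomainName, ProvisioningOperation.DELETE, user);
                        ProvisionedIdentifier provisionedUserIdentifier = getProvisionedEntityIdentifier(idPName, connectorType, inboundProvisioningEntity, spTenantDomainName);
                        if (provisionedUserIdentifier == null || provisionedUserIdentifier.getIdentifier() == null) {
                            // Member was never provisioned here; nothing to remove.
                            continue;
                        }
                        Map<ClaimMapping, List<String>> mappedUserClaims = getMappedClaims(inboundClaimDialect, outboundClaimDialect, inboundProvisioningEntity, spClaimMappings, idpClaimMappings, spTenantDomainName);
                        ProvisioningEntity outboundProEntity = new ProvisioningEntity(ProvisioningEntityType.USER, user, ProvisioningOperation.DELETE, mappedUserClaims);
                        Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, spTenantDomainName, provisioningEntityTenantDomainName, connector, connectorType, idPName, dao);
                        outboundProEntity.setIdentifier(provisionedUserIdentifier);
                        outboundProEntity.setJitProvisioning(jitProvisioning);
                        executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread, isBlocking);
                    }
                }
            } else {
                if (!canUserBeProvisioned(provisioningEntity, provisionByRoleList, provisioningEntityTenantDomainName)) {
                    if (!canUserBeDeProvisioned(provisionedIdentifier)) {
                        continue;
                    }
                    // The user was removed from the provisioning role but still exists at
                    // the target: turn the operation into a de-provision.
                    provisioningOp = ProvisioningOperation.DELETE;
                }
                if (skipOutBoundProvisioning(provisioningOp, provisioningEntity, inboundClaimDialect)) {
                    continue;
                }
                ProvisioningEntity outboundProEntity = new ProvisioningEntity(provisioningEntity.getEntityType(), provisioningEntity.getEntityName(), provisioningOp, mappedClaims);
                Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, spTenantDomainName, provisioningEntityTenantDomainName, connector, connectorType, idPName, dao);
                outboundProEntity.setIdentifier(provisionedIdentifier);
                outboundProEntity.setJitProvisioning(jitProvisioning);
                // Optional XACML gate, evaluated only when the connector config enables it.
                boolean isAllowed = true;
                if (runtimeConfig.isPolicyEnabled()) {
                    isAllowed = XACMLBasedRuleHandler.getInstance().isAllowedToProvision(spTenantDomainName, provisioningEntity, serviceProvider, idPName, connectorType);
                }
                if (isAllowed) {
                    executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread, isBlocking);
                }
            }
        }
    } catch (CarbonException | IdentityApplicationManagementException | IdentityProviderManagementException | UserStoreException e) {
        throw new IdentityProvisioningException("Error occurred while checking for user " + "provisioning", e);
    } finally {
        // Always release the pool. shutdown() lets already-submitted tasks finish, so
        // non-blocking connectors are not cut short; it only stops new submissions.
        if (executors != null) {
            executors.shutdown();
        }
    }
}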

Example 2 with ProvisioningEntity

use of org.wso2.carbon.identity.provisioning.ProvisioningEntity in project carbon-identity-framework by wso2.

From class ProvisioningThread, method deleteProvisionedEntityIdentifier():

/**
 * Removes the stored provisioned-identifier record of {@code provisioningEntity} for
 * the given identity provider / connector pair.
 *
 * @param idpName            name of the identity provider the entity was provisioned to
 * @param connectorType      outbound connector type that performed the provisioning
 * @param provisioningEntity entity whose identifier record should be removed
 * @param tenantDomain       tenant domain the record belongs to; resolved to a tenant id
 *                           for the DAO call and also passed through as-is
 * @throws IdentityApplicationManagementException wrapping a {@link UserStoreException}
 *         from tenant resolution, or propagated unchanged from the DAO delete
 */
private void deleteProvisionedEntityIdentifier(String idpName, String connectorType, ProvisioningEntity provisioningEntity, String tenantDomain) throws IdentityApplicationManagementException {
    try {
        int resolvedTenantId = IdPManagementUtil.getTenantIdOfDomain(tenantDomain);
        dao.deleteProvisioningEntity(idpName, connectorType, provisioningEntity, resolvedTenantId, tenantDomain);
    } catch (UserStoreException e) {
        // Keep the cause so the tenant-resolution failure stays diagnosable upstream.
        throw new IdentityApplicationManagementException("Error while deleting provisioning identifier.", e);
    }
}

Example 3 with ProvisioningEntity

use of org.wso2.carbon.identity.provisioning.ProvisioningEntity in project carbon-identity-framework by wso2.

From class CacheBackedProvisioningMgtDAO, method deleteProvisioningEntity():

/**
 * Deletes the provisioning-entity record, evicting any cached copy first.
 *
 * <p>The cache entry is cleared before the database row is removed, so a failure in
 * the DAO can at worst leave a cache miss (re-read from the DB on the next lookup),
 * never a stale positive hit for a record that is already gone.
 *
 * @param identityProviderName identity provider the entity was provisioned to
 * @param connectorType        outbound connector type that performed the provisioning
 * @param provisioningEntity   entity whose record should be removed
 * @param tenantId             tenant id used for the database delete
 * @param tenantDomain         tenant domain used to scope the cache
 * @throws IdentityApplicationManagementException propagated from the underlying DAO
 */
public void deleteProvisioningEntity(String identityProviderName, String connectorType, ProvisioningEntity provisioningEntity, int tenantId, String tenantDomain) throws IdentityApplicationManagementException {
    ProvisioningEntityCacheKey key = new ProvisioningEntityCacheKey(identityProviderName, connectorType, provisioningEntity);
    boolean cached = provisioningEntityCache.getValueFromCache(key, tenantDomain) != null;
    if (cached) {
        if (log.isDebugEnabled()) {
            log.debug("Cache entry found for Provisioning Entity : " + describeEntity(identityProviderName, connectorType, provisioningEntity) + ". Hence remove from cache");
        }
        provisioningEntityCache.clearCacheEntry(key, tenantDomain);
    }
    provisioningMgtDAO.deleteProvisioningEntity(identityProviderName, connectorType, provisioningEntity, tenantId);
    if (log.isDebugEnabled()) {
        log.debug("Entry removed from DB for Provisioning Entity : " + describeEntity(identityProviderName, connectorType, provisioningEntity));
    }
}

/**
 * Builds the "identityProviderName=…&& connectorType=…&& …" fragment used in the
 * debug messages of this class.
 */
private static String describeEntity(String identityProviderName, String connectorType, ProvisioningEntity provisioningEntity) {
    return "identityProviderName=" + identityProviderName + "&& connectorType=" + connectorType + "&& provisioningEntityType=" + provisioningEntity.getEntityType() + "&& provisioningEntityName=" + provisioningEntity.getEntityName();
}

Example 4 with ProvisioningEntity

use of org.wso2.carbon.identity.provisioning.ProvisioningEntity in project carbon-identity-framework by wso2.

From class CacheBackedProvisioningMgtDAO, method getProvisionedIdentifier():

/**
 * Looks up the identifier assigned to {@code provisioningEntity} by the given
 * identity provider / connector, consulting the cache before the database.
 *
 * <p>Only positive results are cached: a database miss returns {@code null} without
 * recording anything, so the next lookup for the same key hits the database again.
 * The cached copy is a slim entity carrying just the type, operation and identifier
 * of the original.
 *
 * @param identityProviderName identity provider the entity was provisioned to
 * @param connectorType        outbound connector type used
 * @param provisioningEntity   entity to look up; used to build the cache key
 * @param tenantId             tenant id used for the database lookup
 * @param tenantDomain         tenant domain used to scope the cache
 * @return the provisioned identifier, or {@code null} when neither cache nor DB has one
 * @throws IdentityApplicationManagementException propagated from the underlying DAO
 */
public ProvisionedIdentifier getProvisionedIdentifier(String identityProviderName, String connectorType, ProvisioningEntity provisioningEntity, int tenantId, String tenantDomain) throws IdentityApplicationManagementException {
    ProvisioningEntityCacheKey key = new ProvisioningEntityCacheKey(identityProviderName, connectorType, provisioningEntity);
    ProvisioningEntityCacheEntry cached = provisioningEntityCache.getValueFromCache(key, tenantDomain);
    if (cached != null) {
        if (log.isDebugEnabled()) {
            log.debug("Cache entry found for Provisioning Entity : " + "identityProviderName=" + identityProviderName + "&& connectorType=" + connectorType + "&& provisioningEntityType=" + provisioningEntity.getEntityType() + "&& provisioningEntityName=" + provisioningEntity.getEntityName());
        }
        return cached.getProvisioningEntity().getIdentifier();
    }
    if (log.isDebugEnabled()) {
        log.debug("Cache entry not found for Provisioning Entity : " + "identityProviderName=" + identityProviderName + "&& connectorType=" + connectorType + "&& provisioningEntityType=" + provisioningEntity.getEntityType() + "&& provisioningEntityName=" + provisioningEntity.getEntityName() + ". Fetching entity from DB");
    }
    ProvisionedIdentifier fromDb = provisioningMgtDAO.getProvisionedIdentifier(identityProviderName, connectorType, provisioningEntity, tenantId);
    if (fromDb == null) {
        // Negative results are deliberately not cached.
        if (log.isDebugEnabled()) {
            log.debug("Entry for Provisioning Entity : " + "identityProviderName=" + identityProviderName + "&& connectorType=" + connectorType + "&& provisioningEntityType=" + provisioningEntity.getEntityType() + "&& provisioningEntityName=" + provisioningEntity.getEntityName() + " not found in cache or DB");
        }
        return null;
    }
    if (log.isDebugEnabled()) {
        log.debug("Entry fetched from DB for Provisioning Entity : " + "identityProviderName=" + identityProviderName + "&& connectorType=" + connectorType + "&& provisioningEntityType=" + provisioningEntity.getEntityType() + "&& provisioningEntityName=" + provisioningEntity.getEntityName() + ". Updating cache");
    }
    // Cache a slim copy (type + operation + identifier) rather than the full entity.
    ProvisioningEntity slimCopy = new ProvisioningEntity(provisioningEntity.getEntityType(), provisioningEntity.getOperation());
    slimCopy.setIdentifier(fromDb);
    ProvisioningEntityCacheEntry newEntry = new ProvisioningEntityCacheEntry();
    newEntry.setProvisioningEntity(slimCopy);
    provisioningEntityCache.addToCache(key, newEntry, tenantDomain);
    return fromDb;
}

Example 5 with ProvisioningEntity

use of org.wso2.carbon.identity.provisioning.ProvisioningEntity in project carbon-identity-framework by wso2.

From class CacheBackedProvisioningMgtDAO, method addProvisioningEntity():

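/**
 * Persists a provisioning-entity record and then caches a slim copy of it.
 *
 * <p>Write-through order: the database insert happens first, so the cache never holds
 * a record the DAO rejected. The cached copy carries only the entity's type, operation
 * and identifier.
 *
 * @param identityProviderName identity provider the entity was provisioned to
 * @param connectorType        outbound connector type that performed the provisioning
 * @param provisioningEntity   entity to store; its {@code getIdentifier()} is what gets cached
 * @param tenantId             tenant id used for the database insert
 * @param tenantDomain         tenant domain used to scope the cache
 * @throws IdentityApplicationManagementException propagated from the underlying DAO
 */
public void addProvisioningEntity(String identityProviderName, String connectorType, ProvisioningEntity provisioningEntity, int tenantId, String tenantDomain) throws IdentityApplicationManagementException {
    provisioningMgtDAO.addProvisioningEntity(identityProviderName, connectorType, provisioningEntity, tenantId);
    ProvisionedIdentifier provisionedIdentifier = provisioningEntity.getIdentifier();
    if (log.isDebugEnabled()) {
        // Null-guarded: the log line used to dereference getIdentifier() unconditionally,
        // so an entity without an identifier threw only when debug logging was on.
        Object identifierValue = provisionedIdentifier == null ? null : provisionedIdentifier.getIdentifier();
        log.debug("Caching newly added Provisioning Entity : " + "identityProviderName=" + identityProviderName + "&& connectorType=" + connectorType + "&& provisioningEntityType=" + provisioningEntity.getEntityType() + "&& provisioningEntityName=" + provisioningEntity.getEntityName() + "&& provisioningIdentifier=" + identifierValue);
    }
    ProvisioningEntityCacheKey cacheKey = new ProvisioningEntityCacheKey(identityProviderName, connectorType, provisioningEntity);
    ProvisioningEntity cachedProvisioningEntity = new ProvisioningEntity(provisioningEntity.getEntityType(), provisioningEntity.getOperation());
    cachedProvisioningEntity.setIdentifier(provisionedIdentifier);
    ProvisioningEntityCacheEntry entry = new ProvisioningEntityCacheEntry();
    entry.setProvisioningEntity(cachedProvisioningEntity);
    provisioningEntityCache.addToCache(cacheKey, entry, tenantDomain);
}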
